Facebook: Attack identified, most spammed porn removed

Facebook has been hit by a widespread attack spamming porn and violent images, security experts say.

Story highlights

NEW: Facebook hack exploited browsers to spread porn, violent images

NEW: The site says most of the offensive material has been removed

Members of hacker collective Anonymous claim they created a virus to attack Facebook

Facebook: No data or account information was compromised in the attack

Facebook says a hack that exploited some Web browsers was responsible for a flood of porn, violent images and other graphic content that spread across the site over the past couple of days.

Spokesman Frederic Wolens said Facebook's security team had been working to identify the cause of the spam and that, by Tuesday afternoon, "we have eliminated most of the spam caused by this attack."

"We are now working to improve our systems to better defend against similar attacks in the future," Wolens said in an e-mail.

Earlier Tuesday, Graham Cluley, a consultant with Web security firm Sophos, said that "explicit and violent" images had been flooding the News Feeds of Facebook users for the past 24 hours or so.

Cluley wrote on the Sophos blog that the images included hardcore porn; photoshopped images of celebrities, including teen pop star Justin Bieber, in sexual positions; "extreme violence;" and at least one image of an abused dog.

Facebook privacy policy in the spotlight

Just Watched

Facebook apps go beyond 'like' feature

"What's clear," Cluley wrote, "is that mischief-makers are upsetting many Facebook users and making the social networking site far from a family-friendly place."

Several CNN.com staffers reported seeing some of the images by Tuesday morning.

Facebook's Wolens said that users were tricked into pasting malicious script into their browser URL bars, causing them to unknowingly share the offensive content.

He said no data or account information was compromised during the attack.

The blog AllFacebook reported that the social-media giant had been quietly taking down the images for most of the day Tuesday.

Writer Jackie Cohen said a request for comment on the images merely got a reply thanking her for "flagging" the images.

"The fact that these photos spread for as long as 48 hours unchecked [shows] how much Facebook relies on individual users to flag inappropriate content: people were commenting on the images more than flagging them," she wrote.

Users were, understandably, distraught.

"Seeing a dead dog on my Facebook news feed ........ Officially deactivating it," said one Twitter user in a post collected by Sophos.

The Facebook statement said the site has built a mechanism to shut down pages sharing the links and contacted people affected by the attack with information about how to protect themselves.

The site advised users never to copy and paste unknown code into their browser bars, always use up-to-date browsers and use the "Report" links on Facebook to report suspicious activity when they see it.

Facebook did not say anything about who may have been behind the attacks.

With questions still abounding, speculation on the Web turned -- as it often does in online hacking cases -- the controversial "hacktivist" collective Anonymous.

A group claiming allegiance to Anonymous announced it was going to make November 5 "Kill Facebook Day." That day came and went with little noticeable activity.

But last week, an Anonymous-affiliated group announced in a YouTube video that it had created the "Fawkes virus," a sophisticated tool that would attack Facebook.

A handful of Twitter feeds widely acknowledged as being run by Anonymous members had made no mention of the Facebook posts Tuesday morning.

At least two members had previously distanced themselves from Operation Facebook, saying it was doomed to fail and that Anonymous is not a cohesive group with unanimously approved goals.

"Using a simple Facebook account, the worm can be carried into other accounts with little or no interaction," an automated voice says in the video posted on the account "AnonSecurity157." "We did not expect the intensity with which this would spread."

The video claims the worm can be controlled remotely and that once it's fully understood it "will use this to its advantage against corruption."